Hackers Using iCloud's Find My iPhone Feature to Remotely Lock Macs and Demand Ransom Payments

Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone.

With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here.

maclockedfindmyiphone
Apple allows users to access Find My iPhone without requiring two-factor authentication in case a person's only trusted device has gone missing.

2faicloud

2-factor authentication not required to access Find My iPhone and a user's list of devices.

Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device.


The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers.

Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.

lockmacfindmyiphone

It's easy to lock a Mac with a passcode in Find My iPhone if you have someone's Apple ID and password.

To prevent an issue like this, Apple users should change their Apple ID passwords, enable two-factor authentication, and never use the same password twice. Products like 1Password, LastPass, and even Apple's own iCloud Keychain are ideal ways to generate and store new passwords for each and every website.


Users who have had their Macs locked will need to get in contact with Apple Support for assistance with removing the Find My iPhone lock.

(Thanks, Eli!)

Popular Stories

iOS 18

Here Are Apple's Full Release Notes for iOS 18.2

Thursday December 5, 2024 11:48 am PST by
Apple seeded the release candidate version of iOS 18.2 today, which means it's going to see a public launch imminently. Release candidates represent the final version of new software that will be provided to the public should no last minute bugs be found, and Apple includes release notes with the RC launch. The iOS 18.2 release notes provide a look at all of the new features that are coming...
Apple AI Command Center Concept Mock 3

Apple Expected to Launch This All-New Device Next Year

Wednesday November 27, 2024 1:05 pm PST by
Apple is expected to kick off 2025 by launching an all-new smart home hub, also referred to as a "command center," as early as March. The hub is expected to feature around a six-inch display that can be attached to a tabletop base with a speaker, or mounted on a wall. The device is said to run a new "homeOS" operating system with a customizable widget-focused home screen, and it is expected...
New Things Your iPhone Can Do in iOS 18

20 New Things Your iPhone Can Do in iOS 18.2

Friday December 6, 2024 4:42 am PST by
Apple is set to release iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls...
iPhone 17 Slim Feature

iPhone 17 'Air' Expected to Be ~2mm Thinner Than iPhone 16 Pro

Friday December 6, 2024 4:07 pm PST by
In 2025, Apple is planning to debut a thinner version of the iPhone that will be sold alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. This iPhone 17 "Air" will be about two millimeters thinner than the current iPhone 16 Pro, according to Bloomberg's Mark Gurman. The iPhone 16 Pro is 8.25mm thick, so an iPhone 17 that is 2mm thinner would come in at around 6.25mm. At 6.25mm,...
iPhone 14 Pro Display Two Times Brighter Feature

Every Display Upgrade Rumored for Apple's iPhone 17

Friday December 6, 2024 5:14 am PST by
Apple's next-generation iPhone 17 lineup may bring some of the most significant display improvements we've seen in recent years. While the iPhone 17 series isn't expected until late 2025, multiple rumors suggest Apple is working on substantial screen upgrades across its entire smartphone range. From enhanced refresh rates to advanced materials and improved power efficiency, these display...
airpods pro 2 gradient

AirPods Pro 3 Expected Next Year: Here's What We Know

Thursday November 28, 2024 3:30 am PST by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as...
Generic iOS 18

Apple Seeds Release Candidate Versions of iOS 18.2 and More With Genmoji, Image Playground and ChatGPT Integration

Thursday December 5, 2024 10:03 am PST by
Apple today seeded the release candidate versions of upcoming iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2 updates to developers and public beta testers for testing purposes, two weeks after releasing the fourth betas. Alongside the release candidate versions of the iPhone, iPad, and Mac operating system updates, Apple has also seeded the watchOS 11.2, tvOS 18.2, and HomePod Software 18.2 RCs....
open ai logo

OpenAI Launches $200/Month ChatGPT Pro Plan

Thursday December 5, 2024 4:19 pm PST by
OpenAI today announced the launch of ChatGPT Pro, a $200 per month subscription service that provides unlimited access to OpenAI o1, the company's newest and most advanced large language model. The plan includes unlimited use of OpenAI o1, o1-mini, GPT-4o, and Advanced Voice, along with o1 pro mode, an o1 version that uses more compute to provide better answers to the hardest problems. In...

Top Rated Comments

miketcool Avatar
94 months ago
Meh, this is why things live on external drives. If I lost or had my laptop stolen, I'd wipe it and be back up and running in 25 minutes without the hassle.
Score: 19 Votes (Like | Disagree)
I Need a Drink Avatar
94 months ago
Nice job MR. I only emailed them about this 4 weeks ago and asked that they run a story to inform people that this was going on.

I also emailed Apple about the issue with a simple suggestion. What they need to do is to require the device password when you try to lock a device from Find My iPhone on the web. When you go to remote lock a device you enter a lock passcode and the device's password or passcode. When that is sent to the Mac, iPhone, whatever, if the device password doesn't match, it won't lock the device. That way, even if a hacker guesses your Apple ID and password using hacked credentials, they still can't lock the device without the Mac's login.
Score: 17 Votes (Like | Disagree)
44267547 Avatar
94 months ago
Macurmors quote:

"Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details."

And this is exactly why I reconfigure all my passwords for my accounts on a regular basis. Stagnancy can be part of the problem.
Score: 12 Votes (Like | Disagree)
Vol7ron Avatar
94 months ago
Yup, this happened to me back in June when I installed beta 1 of MacOS High Sierra. Frustrating and embarrassing when your an IT engineer and your own device gets hacked! Had to bring it to Apple and provide proof of ownership before they would remove the lock.

And always use 2Factor. I don’t buy the second tweet about someone getting hacked with having 2FA enabled. Even if they could guess your password and the security code, your trusted device would still get a notification and you could block access.
I had 2 factor enabled, saw that someone was trying to access my account, denied them, and still had my account locked.
Score: 11 Votes (Like | Disagree)
busyscott Avatar
94 months ago
MacRumors, why are you recommending two-factor authentication if you then go onto say you can access Find My iPhone without needing 2FA??

Here's a better recommendation: turn off Find My Mac until Apple correct course and Find My iPhone requires 2FA.
Score: 10 Votes (Like | Disagree)
Born Again Avatar
94 months ago
I liked how he said "y'all"

"y'all come back now ! yah hear?!"
Score: 7 Votes (Like | Disagree)